At the RSA Conference 2023, Cato Networks announced the addition of Cato Remote Browser Isolation (RBI) to its Cato SASE Cloud platform. With Cato RBI, enterprises can deliver RBI to all users worldwide in minutes, allowing them to access unclassified websites and applications, without compromising their security.

IT teams face a dilemma in the grey area of new, unclassified, websites: block them to achieve security or allow them to improve user productivity. “Cato has been consistently innovative in helping customers achieve the balance between security and user productivity,” said Ofir Agasi, Vice President of Product Management at Cato Networks. “With Cato RBI integrated into Cato SASE Cloud, we extend that balance by allowing users to browse unclassified websites securely.”

Enabling Users to Browse Uncategorised and Potentially Malicious Websites Safely

With new websites appearing all the time, users inevitably need to access uncategorised sites. Too often, though, uncategorised sites are the source of cyber-attacks. Blocking them leaves users frustrated and unproductive but enabling them increases corporate risk.

Cato RBI addresses the problem of allowing access to potentially malicious websites by loading them in an isolated browser remotely from the user’s device. A safe version of the site is then streamed to the user’s device without the site’s original code. Security and productivity remain intact.

Cato RBI provides protection against a wide range of browser-based attacks such as unintended downloads of malware and ransomware, malicious ads, cross-site scripting (XSS), browser vulnerabilities, malicious and exploited plug-ins, phishing attacks, and more.

Cato Partners with Authentic8 for Their Proven, Cloud-native, and Best-in-Class RBI Technology

To deliver the most reliable and secure RBI technology, Cato decided to partner with Authentic8, a world leader in the field of RBI. Authentic8’s RBI engine is cloud-native and globally available, making the integration with Cato SASE Cloud reliable, consistent, and completely transparent to Cato customers.

“Seamlessly delivering isolated web access triggered by risk context is exactly what the market is asking for. Rigid solutions that require installing dedicated browsers or changing users’ workflows fail to scale in today’s decentralised IT environment,” said Miguel Ramos, Authentic8’s Head of Product. “We’re delighted Cato Networks has selected Silo’s cloud-native isolation API as the foundational browsing technology for its customers.”

Cato RBI: Part of a Comprehensive SASE Security Stack, Enabled Instantly

Cato RBI is fully integrated with the rest of the Cato SASE Cloud security capabilities which include FWaaS, SWG, IPS, NGAM, CASB, and DLP. Being part of a leading SASE platform revolutionises RBI usability and ease of deployment.

Rather than dealing with complex routing and policy configurations, deployment, and maintenance, Cato RBI requires nothing more than a few mouse clicks. It is equally available to all internet traffic from all locations and edges worldwide.

While the underlying technology is extremely advanced and part of Cato’s multilayered protection, the configuration of Cato RBI is exactly the opposite. IT and security administrators can now simply select “isolate” alongside “block” or “prompt,” which are typically the preference for uncategorised sites.

Enterprise IT teams are now better equipped to secure their users when accessing the internet: allowing access to “good” websites, blocking “bad” ones, and for everything else, using Cato RBI.

 

The post Cato Networks Introduces Instant RBI Featuring Single-Click Activation appeared first on IT Security Guru.

Comparitech recently conducted a series of freedom-of-information requests, which found that UK government employees received an average of 2,246 malicious emails each in 2022. Across 250 government organisations, Comparitech estimates that 2.16 million government employees received a total of 2.75 billion malicious emails in 2022.

The study also found that:

  • Government employees received an average of 2,245.88 malicious emails each in 2022
  • 250 government organisations received an estimated 2.75 billion malicious emails in 2022
  • Each government employee received an average of 355.92 spoofing emails, 32.2 emails containing malware/viruses, 184.6 phishing emails, and 832.57 spam/junk emails
  • An average of 0.04 percent of the malicious emails were opened by staff in 2022, meaning 1.1 million malicious emails were potentially opened by government staff
  • Of those opened, 0.21 percent resulted in staff members clicking on suspicious links (2,311 in total)

Having conducted a similar study 2 years ago, Comparitech was able to conclude that 2021 saw a slightly higher rate of emails per government employee: 2,399.

Unfortunately, this doesn’t necessarily mean governments are under any less of a threat. In fact, Comparitech previously looked at worldwide ransomware trends, which indicated that ransomware attacks on government departments have remained a consistent and dominant threat in recent years.

It’s also important to understand that the government departments with high volumes of malicious emails aren’t necessarily bigger targets for hackers or have “weaker” security systems. Rather, their IT systems may be doing a better job at filtering out malicious emails. Equally, IT systems may differ in their tracking and calculating of malicious email volumes, which impacted the results.

Government departments that received the most malicious emails were:

  1. Government of Northern Ireland: 1.05bn malicious emails received by 24,324 employees = 43,003 emails per employee.
  2. NHS England (which has recently merged with NHS Digital): 473.2m malicious emails received by 1,410,430 employees (the entire NHS staff force) = 336 emails per employee.
  3. The British Council: 44.3m malicious emails received by 1,299 employees = 34,124 emails per employee.
  4. Network Rail Limited: 25.4m malicious emails received by 44,010 employees = 578 emails per employee.

 

The post UK government employees receive average of 2,246 malicious emails per year appeared first on IT Security Guru.

Armis today released new research identifying the top connected medical and IoT devices that are exposed to malicious activity in clinical environments. Data analysed from the Armis Asset Intelligence and Security Platform, which tracks over three billion assets, found nurse call systems to be the riskiest IoMT device, followed by infusion pumps and medication dispensing systems. Among IoT devices, IP cameras, printers and Voice over Internet Protocol (VoIP) devices top the list.

By 2026 smart hospitals are expected to deploy over 7 million IoMT devices, doubling the amount from 2021. Medical and non-medical devices are increasingly connected, automatically feeding patient data from monitoring devices into electronic records. These connections and communications within a medical environment help improve patient care but also make it increasingly vulnerable to cyberattacks, which could result in the interruption of patient care.

Upon a comprehensive analysis of the data from all connected medical and IoT devices on the Armis Asset Intelligence and Security Platform, several noteworthy conclusions can be drawn:

  • Nurse call systems are the riskiest connected medical device, with 39% of them having critical severity unpatched Common Vulnerabilities and Exposures (CVEs) and almost half (48%) having unpatched CVEs.
  • Infusion pumps are second, with 27% having critical severity unpatched CVEs and 30% having unpatched CVEs.
  • Medication dispensing systems are in third place, with 4% having critical severity unpatched CVEs, but 86% having unpatched CVEs. Moreover, 32% run on unsupported Windows versions.
  • Almost 1 in 5 (19%) connected medical devices are running unsupported OS versions.
  • More than half of IP cameras we monitored in clinical environments have critical severity unpatched CVEs (56%) and unpatched CVEs (59%), making them the riskiest IoT device.
  • Printers are the second riskiest IoT device in clinical environments, with 37% having unpatched CVEs, and 30% having critical severity unpatched CVEs.
  • VoIP devices are in third place. Although 53% of them have unpatched CVEs, only 2% have critical severity unpatched CVEs.

“These numbers are a strong indicator of the challenges faced by healthcare organisations globally. Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” said Mohammad Waqas, Principal Solutions Architect for Healthcare at Armis. “Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualised monitoring is a key element to ensuring patient safety.”

Armis secures all medical assets and patient care environments in some of the largest healthcare delivery organisations around the world:

“Armis appeared to be a good alternative for us because it immediately provided us with visibility into what devices were plugging into the network. It shows us how they are interacting with each other, creates alerts based on observed behaviour and enforces firewall rules based on those alerts,” said Brian Schultz, Director of Network Operations and Security, Burke Rehabilitation Hospital.

“Metrics and accountability are key to understanding how to protect the hospital’s network, and Armis has a major role in making the relevant data available to us in an easy-to-access manner. It has definitely filled in the gaps in our security arsenal by uncovering risks we never knew about previously. At first, I thought Armis was a nice-to-have, but now it’s become an integral part of our cyber defense,” said Dr. Michael Connolly, Chief Information Officer (CIO), Mater Misericordiae University Hospital.

The post Armis Identifies the Riskiest Medical and IoT Devices in Clinical Environments appeared first on IT Security Guru.

Armis has announced significant business momentum in the healthcare sector driven by healthcare and life sciences companies choosing the Armis Platform to identify and secure their medical devices. Armis has become a critical partner to global healthcare and life sciences organisations to help identify the entire digital landscape across IoMT, OT, IoT and IT assets essential to connected care delivery.

Armis supports healthcare and life sciences organisations globally, including 5 out of 8 of the largest healthcare companies by market cap and leading organisations, such as Takeda Pharmaceuticals, Burke Rehabilitation Hospital, Mater Misericordiae University Hospital, Nuvance Health, Main Line Health, Corewell, Advent Health and Institute Curie. Over the past year, Armis has continued to grow its partnerships with new customers across the healthcare sector, resulting in 115% customer growth year-over-year, on average. Armis has been recently recognised in both the Inc. 5000 Regionals: Pacific and the Deloitte Fast 500 for its rapid trajectory and revenue growth.

“Our work in the healthcare sector is critically important,” said Yevgeny Dibrov, CEO and Co-founder of Armis. “Securing medical assets and patient care environments in light of the evolving threat landscape is essential to healthcare delivery organisations operating with no disruptions so that these essential providers can focus on patient care. It’s this convergence of cyber-physical systems and the impact we are having on society as a whole that drives us to continue to go above and beyond to support this critical sector.”

Threats Targeting Healthcare Organisations on the Rise

According to proprietary data from the Armis Asset Intelligence and Security Platform collected between January 1, 2023 and March 31, 2023, organisations in the healthcare sector have experienced a 31% increase in threat activity when compared to the three months prior.

The Armis State of Cyberwarfare and Trends Report: 2022-2023 found that 72% of respondents responsible for IT in healthcare, medical, and pharmaceutical environments agree that their boards of directors are changing their organisation’s culture towards cybersecurity in response to the threat of cyberwarfare. This trend is driven by the prevalence and steady cadence of cyberattacks on the healthcare sector, and respondents indicated they are somewhat or very concerned about the impact of cyberwarfare on their organisations as a whole (70%), their company’s critical infrastructure (72%), and their company’s services (68%).

Why Organisations Have Chosen Armis

  • “Of all the vendors we looked at, Armis provided the fastest time to value and the widest coverage. Because it’s cloud-based, Armis is also simple to manage. All these factors made it easy to choose Armis, frankly. Thanks to Armis, we’ve already uncovered a series of potential cyber risks. Without the Armis deployment, we never would have known they existed. It has already paid for itself.” – Mike Towers, Chief Security and Trust Officer, Takeda Pharmaceuticals
  • “Armis gives us precision-based evidence so we can deal with third-party suppliers who are connected to our infrastructure and hold them accountable. Now we can tell them what state their equipment is in and what needs to be done to bring the equipment into compliance with our contractual agreements. All of this helps make our environment a safer place from a cybersecurity perspective.” – Michael Connolly, Chief Information Officer (CIO), Mater Misericordiae University Hospital
  • “We are looking at Armis as a new way to gain insights into our network. It only takes a little bit of effort on our part to get an enormous amount of information. Prior to Armis, the amount of work it would take to collect that data would be beyond our capabilities.” – Brian Schultz, Director of Network Operations and Security, Burke Rehabilitation Hospital
  • “Armis was great – it showed us everything the competing vendors discovered and then some. The PoV resulted in comprehensive visibility to all connected devices, identification of vulnerabilities, network traffic, and even tagging of biomedical devices that were on the FDA recall list. Armis has uncovered an even greater number of what I call ‘moderately managed’ biomedical devices, which are dispersed throughout the organization. Getting our arms around that has been a tremendous advantage. Typically, Armis provides us with the visibility we need to remediate an asset in about one minute. In the past, tracking down the device and pulling in the network data would take us a minimum of two hours or more.” – security leadership at a large U.S. regional healthcare provider
  • “We lacked a cohesive understanding of where everything was located, what our devices were doing, and what they were talking to. Asset discovery was a challenge, as was vulnerability management. In an environment that has IT, IoT, and OT devices, not everything is ‘agent able.’ From a visionary perspective, Armis has it all. It’s doing exactly what it’s designed to do.” – Security Engineer for a medical equipment and technology provider
  • “Armis IoT Solutions is part of our long-term plans. We use the solution as part of our medical device security monitoring efforts, but there are two additional uses for the system that we have found that were not in our original project plan. First, Armis IoT Solutions is going to help us with our configuration management database. Second, the IoT devices are not necessarily medical, so we are going to work to be able to use the tool for things like badge readers, cameras, and so on. So we are going to use Armis IoT Solutions for more than just IoMT monitoring, and we are going to use the solution for much more than we originally planned.” – Manager at a healthcare delivery organization
  • “Armis has the best mix of operational technology, the IoT, and the IoMT of vendors that are on the market. The product works great. We are using it for more than what we originally bought it for, and from a value proposition, that means that we are doing pretty darn well and definitely looking forward to continuing to partner with Armis.” – CISO at a healthcare delivery organisation
  • “Armis IoT Solutions is a great product. I have been in the world of medical device security for years, so I have seen a number of different tools, devices, and so forth, and I would definitely put Armis at the top of the market, especially when it comes to the vendor’s technology but also because of the knowledge that the vendor’s staff has.” – Manager at a healthcare delivery organisation

“The key differentiators for the Armis platform include strong risk and vulnerability management capabilities,” said Rohan Paul, Analyst at Quadrant Knowledge Solutions. “Further, the company’s extensive Collective Asset Intelligence Engine, the agentless security approach, passive, real-time monitoring with no latency or disruption of operations, its querying capabilities, and the intelligent reporting and analytic tools that can help HDOs optimise usage/performance of their assets are a few components that set Armis apart from its competitors. Based on our analysis of the company’s capabilities compared to the market, Armis is a clear leader for its technology excellence and customer impact.”

This momentum comes on the heels of Armis’ announcement that it has surpassed the 100m USD mark in annual recurring revenue (ARR), growing from 1m to 100m USD in less than 5 years. Additionally, Armis was recently named the most innovative company globally in the security category by Fast Company in its prestigious annual list of the World’s Most Innovative Companies for 2023. It also ranked #14 in the World’s 50 Most Innovative Companies list. Additionally, Armis was recognised as a Hot Company in Healthcare IoT Security in Cyber Defence Magazine’s Global InfoSec Awards.

 

 

The post Armis Announces Significant Business Momentum in Healthcare appeared first on IT Security Guru.

Keeper Security has announced a series of significant new User Interface (UI) updates to its password management platform for a friendlier and more intuitive experience. Keeper’s upgraded user interface offers clearer distinctions between elements, as well as enhanced clarity and searchability, to improve the user experience and make it even easier to take advantage of Keeper’s powerful features.

“Our customers’ satisfaction with their user experience is a priority for us. We are fanatical about creating solutions that are as user-friendly as they are secure,” said Keeper CEO and Co-Founder, Darren Guccione. “At Keeper, our design and product teams are constantly working to modernize Keeper’s cybersecurity products which ultimately unifies ease-of-use and world-class security.”

Keeper customers can expect an updated experience with this overhaul of the vault’s user interface – offering a fresh, updated look with modern styling for a welcoming and streamlined appeal. Highlights to the updated UI include:

  • Friendlier Interface: Keeper’s streamlined UI will reduce grid lines and introduce cleaner colors and adjustable panes.
  • Streamlined Usability: More efficient user workflows will reduce the number of clicks necessary to complete a task.
  • Accessibility and Inclusion: Upgraded UI will provide colors, contrast and font/icon sizes compliant with Web Content Accessibility Guidelines (WCAG) standards.
  • Advanced Search: New, easy-to-use filters will enable users to search their Keeper Vaults with the utmost flexibility.
  • Onboarding: The new onboarding wizard provides a more welcoming guided experience to setting up a user’s vault.
  • Lost Records: Keeper will now show the shared folder name and record contents of all records that are deleted out of shared folders.

When customers log into Keeper, they will immediately notice a refreshed Web and Desktop Vault featuring the new, modern UI. Animated record and folder details are displayed for better clarity, legibility and modern style, and users will be able to customize their individual colors. Users can now enjoy improved vault organization with modern interface elements such as modals, popups and dialogs – all improved to be equally functional and stylish. The interface will also display avatars with initials to allow teammates to quickly identify contacts when sharing records and folders.

As Keeper expands into larger markets, the number of folders and records in enterprise vaults has increased exponentially, with some customers having tens of thousands of records. To address this, Keeper will now offer advanced search capabilities to quickly pinpoint data in the vault. This search function will allow users to specify one or more search operators that can be used in combination to locate folders and records, while also allowing for granular searches that include specific values in specific record fields. Meanwhile, the brand new Keeper Quick Search feature will show recently viewed items and provide lightning fast results.

Also coming soon for Keeper’s users is a new fixed-sized browser extension, which will stay consistent from screen to screen, and replicate the Web Vault improvements on mobile devices. The browser extension provides a more spacious design, easier identification of key fields, useful settings and features with easy-to-find logos, and simple navigation with new layouts.

For mobile apps, the new UI will feature friendly elements that are easier to read and navigate on smaller screens. For iOS, Keeper users will benefit from performance improvements, faster speeds and enhanced search results to easily find folders and their contents – even with tens of thousands of records. Android users will see cleaner themes with a new default Light Mode and revamped user-selected themes to match Keeper’s UI enhancements. Additional features include a navigation bar for quick access to important screens on the app and frictionless Multi-Factor Authentication (MFA) login.

Keeper is taking an incremental approach to improving the user experience, continuously enhancing the look, feel and usability of its applications, while staying mindful of the importance of familiarity, consistency and the world-class functionality and security that Keeper users are accustomed to.

The post Keeper Security introduces new user interface appeared first on IT Security Guru.

Today, Cato Networks has been named the Leader in the Single-Vendor SASE Quadrant Analysis published in TechTarget.

“We’re honoured to be identified as the Leader in single-vendor SASE market,” says Shlomo Kramer, CEO and co-founder of Cato Networks. “Cato introduced the first worldwide SASE platform in 2016, four years before Gartner defined the term. Since then, we’ve continued to enhance and extend Cato SASE Cloud as recognized by this award.”

Why Single-Vendor SASE?

While SASE brings operational benefits to an organisation, the report notes that single-vendor SASE brings certain unique benefits, including:

  • Enhanced security posture by reducing the complexity of security functions, enforcing a single security policy enterprise-wide, and minimising the attack surface.
  • More efficient use of network and security personnel stemming from faster deployment times, reduced dependency on advanced networking and security skills and resources, removal of redundant activities, and a single security policy.
  • Better user and system administrator experiences as performance issues like latency and jitter are easier to manage, end-to-end issue diagnosis is simpler, and there is a single warehouse for all event data and logs.

Why Cato?

According to the report, Cato SASE Cloud brings several unique strengths:

  • A global cloud-native, single-pass engine is the right architecture for single-vendor SASE. It provides line-rate security inspections and optimised traffic worldwide for all company edges – sites, mobile users, and the cloud – even for encrypted traffic.
  • Cato fully maintains the underlying infrastructure of Cato SASE Cloud, freeing IT from common network and security operations, such as updating security signatures in response to the latest zero-day threat. The report notes that Cato frequently points to its low Time to Protect – how quickly an IPS signature is not just developed but put into action. For example, they protected their customers against Log4j in just 17 hours (versus days and weeks for many companies).
  • A single management platform converges security and networking, eliminating “swivel chair IT troubleshooting.” Cato’s Event screen is a good example of convergence, providing a single interface for seeing all networking and security event data for the past year.

About the Report

The SD-WAN Experts Single-Vendor SASE Quadrant Analysis evaluated seven vendors in what the authors term an “MQ-like” analysis. Vendors were compared on their execution ability and their completeness of vision. The authors say they relied solely on publicly available information and tempered their theoretical analysis with their own real-world experience deploying SASE platforms.

The post Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis appeared first on IT Security Guru.

Software security company Synopsys has discovered a new remote code execution (RCE) vulnerability in Pluck CMS. Pluck is a content management system (CMS) implemented in PHP and designed for setting up and managing your own website. Devised with ease of use and simplicity in mind, Pluck is best suited for running a small website.

Pluck CMS features an “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the user to upload JPEG, PNG, and GIF filetypes, which undergo a normalization process before being available on the site.

However, not all is as it seems within the system. As a result of a lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell.

This leaves Pluck users, and the ecosystems they use the CMS to develop, vulnerable to attacks. A threat actor may choose to navigate to the uploaded file directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. However, once these are acquired (which is entirely within a capable threat actor’s capabilities) they will have direct access.

After authenticating through the web interface, a threat actor would need to navigate to the albums module and create a sample album. Images uploaded to an album are subject to normalization via functions from the graphics library PHP-GD, preventing simple web-shell embedding techniques. However, it is possible to embed a web-shell into a JPEG image that will survive this normalization. Using the tool Jellypeg, a threat actor can create such a payload and upload it with an executable file extension (.php, .phar, etc.). Navigating to the uploaded file directly allows RCE.
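
The missing control described above, as an added example that is not Pluck's code or part of the Synopsys report: the function name safe_album_filename() and both allowlists are assumptions. It derives the stored extension from the image type found in the file itself rather than from the client-supplied name, so a valid image uploaded as .php or .phar is rejected.

```php
<?php
declare(strict_types=1);

// Added example: a hypothetical upload check, not code from Pluck.
// Image types an album accepts, mapped to the only extension each may be stored under.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

// Client-supplied extensions accepted for each stored extension.
const CLIENT_EXTENSIONS = [
    'gif' => ['gif'],
    'jpg' => ['jpg', 'jpeg'],
    'png' => ['png'],
];

/**
 * Return the filename to store an uploaded album image under, or null to reject it.
 * $clientName is the untrusted name sent by the browser; $tmpPath is the uploaded file.
 */
function safe_album_filename(string $clientName, string $tmpPath): ?string
{
    // Identify the image type from the file's own header, not from its name.
    $info = @getimagesize($tmpPath);
    if ($info === false || !array_key_exists($info[2], ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    $storedExt = ALLOWED_IMAGE_TYPES[$info[2]];

    // pathinfo() returns the last extension, so "x.gif.php" is checked as "php".
    $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($clientExt, CLIENT_EXTENSIONS[$storedExt], true)) {
        return null;
    }

    // Never reuse the client's name: store under a random name with the allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $storedExt;
}

// Constructed sample: a 1x1 GIF written to a temp file stands in for the upload.
$tmp = tempnam(sys_get_temp_dir(), 'alb');
file_put_contents($tmp, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

$names = ['holiday.gif', 'HOLIDAY.GIF', 'holiday.jpg', 'holiday.php', 'holiday.gif.php', 'holiday.phar'];
foreach ($names as $name) {
    printf("%-16s => %s\n", $name, safe_album_filename($name, $tmp) ?? 'rejected');
}
unlink($tmp);
```

Serving the album directory with script execution disabled is a separate control that limits the impact if a check like this is bypassed.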

The post Synopsys discover new vulnerability in Pluck Content Management System appeared first on IT Security Guru.

Apparently, the team at Ferrari may not have been up to speed with the latest ways to ensure your security is top priority. It was announced on Monday via a statement uploaded to their website that Ferrari was “recently contacted by a threat actor with a ransom demand related to certain client contact details”.

Ferrari then went on to say that it “will not be held to ransom” and that the best course of action was to inform their clients about the potential data exposure.

The Guru team reached out to some industry experts to understand their perspectives on the incident, and gain some valuable insights for companies looking to avoid this kind of incident in the future:

Christopher Handscomb, Solutions Engineer, EMEA, Centripetal:

“In today’s digital age, it’s becoming all too common for customer data to be breached & exfiltrated with alarming ease. This poses serious concerns for luxury good vendors and their clients alike.

From the company’s perspective, a data breach can result in severe reputational damage and even legal action, not to mention a loss of trust from consumers who may be reluctant to share their sensitive information again leading to an impact in sales.

On the other hand, consumers may find their personal information – including details on their wealth, status, employment, living arrangements, and more – shared with an unknown party, potentially leading to identity theft, financial fraud, or even physical harm.

The good news is that a rapidly growing number of cybersecurity experts are dedicated to defending against these malicious actors. However, companies must be proactive in their approach to securing essential infrastructure and safeguarding customer data.

It’s time for organisations to take a serious and proactive stance on cybersecurity before it’s too late.”

 

Brad Freeman, Director of Technology at SenseOn

“Like its cars, Ferrari is a highly sophisticated organisation with extensive research and development, racing, manufacturing and retail operations. However this complexity can provide more opportunities for an attacker to penetrate defences. The Ferrari data breach exposes the unique risk faced by high net worth individuals. This means compromised data may be worth significantly more than in a general data breach as attackers are likely to spend significant time crafting targeted attacks against its valuable clients.”

 

Michael White, technical director, and principal architect at the Synopsys Software Integrity Group:

“In this case it is not known whether any direct access to vehicles was involved in the attack, but this does highlight a notable concern for the future. The automotive industry is moving toward so-called ‘software defined vehicles’ (SDVs), meaning that many of the day to day driving experiences will rely upon extensive cloud hosted infrastructure and applications. The consequences of an attack in such an SDV environment would not just be leakage of data but in the worst case may even allow an attacker to manipulate functionality on the vehicle itself. This means that automotive OEMs such as Ferrari will need to place an increased focus on protecting so-called hybrid infrastructure, including web portals and mobile apps, from malicious attacks across the software supply chain.”

 

Martin Jartelius, CSO at Outpost24:

“Largely as expected we see those incidents where an organization is pressured to pay as a means of silencing information on a breach, potentially leveraging the fear of GDPR fines as an element of extortion against organizations. As so far very little information is available it’s hard to determine what happened, but this does not appear to be a severe or remarkable event, it attracts more attention than it should due to the targeted organization’s brand than to the event itself.”

Javvad Malik, lead security awareness advocate at KnowBe4:

“Ransomware is a cyber pandemic that attacks all organisations regardless of size and vertical. It is why it’s important that all organisations need to put the pedal to the metal when it comes to ensuring they have the right cybersecurity controls in place.

When it comes to ransomware, most attacks are successful through phishing, taking advantage of poor credentials, or by exploiting unpatched vulnerabilities. So as a bare minimum organisations should focus on these avenues of attack.”

The post Ferrari Data Breach: The Industry has its say appeared first on IT Security Guru.

Identity management is reaching a tipping point. In 2022, we commissioned a survey of over 1,000 top IT security professionals for our 2022 Identity and Security Survey. This exploration into the state of the identity security market revealed that:

  • More than 89% of respondents have been impacted by an identity-based attack within the last 12 months
  • 96% utilize multiple tools for their identity management
  • 70% believe they’re not even actively using all the tools they’re paying for

These results point to an under-funded, overworked identity and security management workforce. We just had to know whether our customers, prospects and partners had experienced, or were still experiencing, the same thing. So, we put together a survey for the attendees of our annual user and partner conference, Resilience 2022 (now known as One Identity UNITE), with the goal of gaining a deeper, more nuanced understanding of how the current state of identity management and security is impacting their teams, and what steps could be taken to remediate their issues. Here’s what we found.

Password resharing remains the key security threat for 31% of respondents

Much to the disdain of the security industry, passwords remain a key issue for the customers and partners we surveyed at our conference. However, they are by no means the only issue. An additional 20% of respondents indicated that their biggest security threat is that ex-employees still have access to the organization’s systems and data. Another 20% are worried about ‘malicious or unintentional data breaches’ by employees.

The mental health of security teams is a key issue

The issue of burnout is one that is widely discussed in the security industry, and the customers we polled gave us tangible evidence that identity security teams are not exempt from this. The majority (63%) of respondents say that their security team is overworked. Another 22% don’t know if their teams are overworked or not. Only 15% said that their teams are currently able to manage their workload appropriately. Overworked identity security teams have the potential to cause, and exacerbate, a myriad of issues, including: 

  • Negative effects on the mental and physical health of the security teams
  • Employees considering leaving the organization, leading to difficulties replacing them
  • The fact that it’s not easy for overworked people to complete their job function at a high standard, meaning the security team may actually become a security hazard

83% believe that complexity is holding them back from implementing the appropriate security controls

Using multiple identity management solutions and managing more identities than ever before is a problem for security teams, according to our partners. 65% of those surveyed believe that a unified identity security model could reduce identity management complexity. Furthermore, over 70% both understand and are implementing Zero Trust models at their organization. 

Funding is the answer

The problem of overworked security teams is a complex one, but our customers and partners broadly identified a simple solution: better funding for their activities. 62% suggest that more staff and greater funding could make a serious difference when it comes to improving the mental health – and therefore, the resilience – of security teams. Another 29% suggest that a more technical approach (better integration of cybersecurity solutions) could also help. However, better integration requires resources. 

Unified security approaches could keep your security teams well

While funding is a key solution to consider, another to keep in mind is strategy. Many respondents say that a radically different approach is needed to overcome the system of complexity and fragmentation that is currently dominating the identity management space. 58% of those surveyed believe a unified approach would help their team’s mental wellbeing. An even greater percentage (60%) say that a unified approach could, in turn, provide significant results for the entire company, since the mental wellbeing of the security team affects security at the company as a whole.

Conclusion: Fund and Unify

Security teams are the last line of defense for both internal security issues and external threat actors who might wish your organization harm. By unifying your approach to identity security and ensuring your teams are given the resources and support they need to do their job to the best of their abilities, you can send a message to these threat actors (and to your own organization) that you’re taking security as seriously as the teams you employ to undertake it. 

The post Guest Blog: 5 Key Takeaways from One Identity’s Identity Security Survey appeared first on IT Security Guru.

Cato Networks today announced that it was named as a “Leader” and “Outperformer” by GigaOm in the analyst firm’s Radar for SD-WAN Report. This is the first year that Cato was included in the report, alongside 19 other notable vendors in the SD-WAN market. Despite Cato’s “freshman” status, GigaOm rates Cato an Outperformer overall and at the top of the list in both Key Criteria capabilities and Evaluation Metrics.

Figure 1: The GigaOm SD-WAN Radar

“GigaOm has made a thorough and practical evaluation of the market and we’re honored that Cato has been named a Leader and Outperformer in the SD-WAN Radar Report,” says Eyal Webber-Zvik, Vice President of Product Marketing and Strategic Alliances at Cato Networks. “Cato’s leadership position underscores the strength and maturity of Cato SD-WAN and shows the importance of considering SD-WAN as part of a broader SASE offering.”

Cato’s SD-WAN is Rated Exceptional in Nearly Every Aspect

GigaOm outlined the “table stakes” features that are the baseline capabilities for SD-WAN vendors. Among them are a virtual overlay network, centralized orchestration, built-in resilience, integrated security, and dynamic traffic engineering. Beyond those features, the analyst firm evaluated vendors according to several key criteria considered to be differentiators as well as the primary features for customers to consider as they compare solutions. Cato Networks is the only one of 20 vendors rated as “Exceptional” in every category.

Figure 2: Only Cato scored “Exceptional” across every one of GigaOm’s Key Criteria

In a similar manner, GigaOm lists eight Evaluation Metrics that provide insight into the impact of each vendor’s product features and capabilities on the customer organization, reflecting fundamental aspects, including infrastructure support, manageability, and total cost of ownership (TCO). Cato rated amongst the top 3 in GigaOm’s Evaluation Metrics, scoring “Exceptional” in 6 of the 8 categories.

Figure 3: Cato scored among the top 3 in GigaOm’s Evaluation Metrics

SPACE: The Cato Differentiator

GigaOm attributed this achievement to Cato’s unique architecture, the Cato Single Pass Cloud Engine (SPACE). “Cato SASE Cloud is a converged cloud-native, single-pass platform connecting end-to-end enterprise network resources within a secure global service managed via a single pane of glass,” says the report.

“By moving processing into the cloud using thin edge Cato Sockets, Cato SASE Cloud is easier to maintain and scale than competitive solutions, with new capabilities instantly available. Leveraging an expanding global SLA-backed network of over 75 PoPs, Cato is the only SD-WAN vendor currently bundling a global private backbone with its SD-WAN. Moreover, Cato offers both a standalone SD-WAN solution and a security service edge solution – Cato SSE 360 – for securing third-party SD-WAN devices.”

The post Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN appeared first on IT Security Guru.